The “Binance Airdrop” scam refers to a fake Binance airdrop hosted on claimairdrop-reflection.xyz. It goes without saying that the scam has nothing to do with Binance Holdings, the cryptocurrency exchange platform. Malicious actors are merely using the platform’s popularity to steal users’ money. The fake site invites users to claim the airdrop and asks them to connect their digital wallets. If…
The “Online Webmail Deactivation” email is part of a phishing campaign that targets users’ email login credentials. It’s a generic phishing attempt, disguised as an email from the email service provider, supposedly informing recipients that an unusual login has triggered the email account to be temporarily blocked for security reasons. Users will supposedly be unable to use their accounts unless they…
The “European Data Protection Supervisor” email is a fake email from supposedly the European Data Protection Supervisor. The email has a file attached to it that claims an investigation by Europol has been launched against the recipient, supposedly because of “potential illegal activities involving the use of computer networks”. Specifically, illegal activities involving possession and dissemination of child abuse material, and…
StarFire ransomware is a file-encrypting malware. The ransomware takes users’ files hostage by encrypting them and demands payment for a decryptor to recover them. The malware can be identified by the .Celestial extension added to encrypted files. If your files have that extension, you will not be able to open them until you put them through a decryptor. However, the…
ARCH WIPER ransomware is a type of malware that encrypts files. The malware is either still in development and is currently being tested, or its operators are simply trying to cause damage as they do not offer a decryptor. That is unusual for ransomware, as operators usually try to sell the decryptor so they can make money. In this case,…
The “Message Restriction Activity” email is part of a phishing campaign that tries to trick users into disclosing their email login credentials. The email claims that 5 new emails have not been delivered to users’ inboxes for unspecified reasons. If users want to get the emails, they are asked to click on the provided button. However, doing that would lead users…
The “Flare Airdrop” crypto scam refers to a scam that imitates the legitimate Flare platform to trick users into connecting their digital wallets to a malicious site. The main goal of these types of scams is to get users to initiate crypto drainers that would steal all the funds in the digital wallets. Flare is a legitimate base-layer blockchain that allows…
Midnight ransomware is a file-encrypting malicious program that takes files hostage by encrypting them. The malware uses military-grade encryption to encrypt files, making them unopenable. When files are encrypted, an extension is added to them, which is .midnight in this case. This allows users to identify both which files have been encrypted and what ransomware specifically they are dealing with.…
The “Hinkal” crypto scam refers to scams that imitate Hinkal, a legitimate crypto platform. Malicious actors have created an imitation site app-hinkal.cyou, that asks users to connect to their digital wallets. The legitimate Hinkal website is hinkal.pro. If users connect their digital wallets on the scam site, they will initiate a crypto drainer that will make unauthorized transfers and eventually drain…
Datarip ransomware is file-encrypting malware from the MedusaLocker family. This type of malware takes files hostage by encrypting them and demands payment for their recovery. Files encrypted by Datarip ransomware can be identified by the .datarip extension added to encrypted files. Unfortunately, files having that extension indicates that they have been encrypted and cannot be opened. Such files need to be…